Hi, I did a quick search around the forums for anything that went over this type of issue and found many similar ones, but none exactly like this one. Please forgive me if this is the wrong place for this or if you have any links that I may have missed!!
I use Wireguard and currently have VPN policies configured to keep only ONE device (my AppleTV) behind the VPN. No other devices should use VPN. This was working to the best of my recollection up until I upgraded my Beryl (MT1300) firmware to version 3.201. I cannot say exactly whether it worked or not for about 48 hours before/after I upgraded, though. The issue is that even with the limited-access policies enabled, it puts every device on my LAN behind the VPN. All devices still have internet, but they are all persistently behind the VPN unless I disable the VPN completely. I’ve toggled all of the policy options, reloaded VPN configurations and rebooted the router to death to see if it was a hiccup, but it seems to be persistent. I verified this by checking a “whatismyip” website, which outputs the VPN location rather than my actual one on every device connected, as well as my ping responses out to the internet before/after VPN is enabled on the devices that should not be behind the VPN. I’ve confirmed that the same result happens with both Wireguard and OVPN.
Quick edit: I attempted to implement the policy in “reverse” and set all devices except for the AppleTV to “Do not use VPN”, and it still puts everything behind the VPN, so no dice there.
Anyone have any ideas? Thank you so much in advance!
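The manual check described in the post above (visit a "whatismyip" site from every device and compare the result with the intended policy) can be written down as a small audit, which also covers the "reverse" policy tried in the edit. This is an added example, not code from the thread or from the router vendor; the public IPs, device names and policy-mode labels are constructed assumptions, and the policy semantics are taken only from the two modes named in the thread.

```python
# Added example, not code from the forum thread or from the router vendor:
# encodes the manual check the original poster did (visit a "whatismyip"
# site from every device and compare with the intended VPN policy).
# All IPs and device names below are constructed.

VPN_EGRESS_IP = "198.51.100.10"  # constructed: public IP seen when traffic exits via the VPN
WAN_EGRESS_IP = "203.0.113.25"   # constructed: the home connection's own public IP

ONLY_LISTED_USE_VPN = "only_listed_use_vpn"      # "Only allow the following use VPN"
LISTED_DO_NOT_USE_VPN = "listed_do_not_use_vpn"  # "Do not use VPN for the following"


def should_use_vpn(mode, listed, device):
    """Expected routing for one device under the configured policy mode."""
    if mode == ONLY_LISTED_USE_VPN:
        return device in listed
    if mode == LISTED_DO_NOT_USE_VPN:
        return device not in listed
    raise ValueError(f"unknown policy mode: {mode}")


def audit_policy(mode, listed, observed):
    """Compare observed egress IPs against the policy.

    observed maps device -> public IP the device saw on a "whatismyip" site.
    Returns a list of (device, expected_vpn, actual_vpn) for every mismatch,
    sorted by device name.
    """
    violations = []
    for device, egress in sorted(observed.items()):
        expected_vpn = should_use_vpn(mode, listed, device)
        actual_vpn = egress == VPN_EGRESS_IP
        if expected_vpn != actual_vpn:
            violations.append((device, expected_vpn, actual_vpn))
    return violations


def policy_bypassed_for_all(mode, listed, observed):
    """True for the symptom described in the thread: every device exits via
    the VPN even though the policy should exempt at least one of them."""
    if not observed:
        return False
    all_vpn = all(ip == VPN_EGRESS_IP for ip in observed.values())
    any_exempt = any(not should_use_vpn(mode, listed, d) for d in observed)
    return all_vpn and any_exempt


# Constructed observations: only the Apple TV should use the VPN, but in the
# "broken" set every device reports the VPN's public IP.
DEVICES = {"appletv", "laptop", "phone", "iot-plug"}
BROKEN = {d: VPN_EGRESS_IP for d in DEVICES}
HEALTHY = {"appletv": VPN_EGRESS_IP, "laptop": WAN_EGRESS_IP,
           "phone": WAN_EGRESS_IP, "iot-plug": WAN_EGRESS_IP}

if __name__ == "__main__":
    for label, obs in (("broken", BROKEN), ("healthy", HEALTHY)):
        print(label, "violations:", audit_policy(ONLY_LISTED_USE_VPN, {"appletv"}, obs))
        print(label, "reverse policy violations:",
              audit_policy(LISTED_DO_NOT_USE_VPN, DEVICES - {"appletv"}, obs))
```

Feeding the audit the egress IP each device actually reports turns the "everything is behind the VPN" symptom into a per-device list of mismatches, which is easier to attach to a bug report than a description.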
I’m also using MT1300 and having this problem fairly frequently but intermittently.
Meaning that it will work for a while and then the chosen VPN policy will randomly stop working. This happens with both “Do not use VPN for the following” and “Only allow the following use VPN”. Same with “Mac Address” and “Domain/IP”. So something definitely seems to be broken with “VPN Policies” and when it breaks all devices will be routed behind the VPN regardless of chosen policy.
I’m using WireGuard, Mullvad, and 3.203 firmware.
I found this post describing a similar issue with the MT300N-V2:
If I follow those steps it works again, until it randomly decides to quit working again.
Now that you mention it, I have noticed it doesn’t work after reboot. However, I only reboot when I’m trying to fix something, so whatever is breaking VPN policies is happening before the reboot.
I haven’t noticed a discernible pattern. Maybe if the connection drops the same bug occurs? I don’t know.
Today I tested a little bit again with WireGuard and VPN policy.
If you fix the policy thing please take care of the following:
I found a difference between OpenVPN and WireGuard tunnels. If I use WireGuard with VPN policy enabled and try to reach my server, which has the same IP as the WireGuard endpoint, it is not possible to reach it. Traceroute stops at 192.168.8.1. Everything else is working. With OpenVPN and policy enabled it’s working without problems. Actually I need to change back to OpenVPN so that my IoT devices can reach my server.